Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Some questions regarding the game I'm messing with

 
saymunzz (How do I cheat?, Reputation: 0, Joined: 04 Aug 2015, Posts: 2)
Posted: Tue Aug 04, 2015 4:19 am    Post subject: Some questions regarding the game I'm messing with

Hi,

Recently I've been learning how to use Cheat Engine, following some of the tutorials on the forum as well as playing with the Tutorial application and some other basic games, and I have some questions I'm hoping could get answered.

The game I've been playing with is "Healer's Yell" (version 1.02). This is a game where you play as a healer, and your objective is to heal and buff your party members while they take down monsters.

The questions I have are regarding scripting and code injection.

My first goal in this game was to create a script which could be toggled to set the cost of spells to 0 MP. Essentially what I did was find the memory address for the MP value and then check what wrote to the address, which brought me here:
Code:
00451A95 - 89 01  - mov [ecx],eax

EAX=0000005F
EBX=7EFDE000
ECX=003ED928
EDX=003ED928
ESI=0000001E
EDI=76AF1245
EBP=00186924
ESP=0018682C
EIP=00451A97

Probable base pointer =003ED928

00451A8D - sub eax,[ecx]
00451A8F - mov ecx,[ebp-0000009C]
00451A95 - mov [ecx],eax
00451A97 - jmp Game.exe+51FB8
00451A9C - push 01


Now I followed some tutorials on writing some scripts to inject, but I'm not fully understanding exactly what I've written. I wrote two different versions, with only one of them working.

one (didn't work):
Code:
[ENABLE]
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem:
nop

originalcode:
//mov [eax],edx

exit:
jmp returnhere

"Game.exe"+51A95:
jmp newmem
returnhere:

[DISABLE]
dealloc(newmem)
"Game.exe"+51A95:
mov [eax],edx


two (worked):
Code:
[ENABLE]
aobscan(mp,89 01 E9 1C 05 00 00 6A 01 8B 55 C8 8B 8A 98 08)
label(_mp)
registersymbol(_mp)

mp:
_mp:
db 90 90

[DISABLE]
_mp:
db 89 01
unregistersymbol(_mp)


I knew essentially all I needed to do was replace the existing code with nop, making the first one a bit overkill, but I'm just wondering why it wouldn't work? I'm not 100% sure, but my guess would be that it's because I'm essentially replacing the original code with something bigger. If I wanted to use this approach, how would I need to go about making it work?

Also, I'm not fully understanding the symbols for the second script. What does registering a symbol do (in this case, _mp)? What does it mean when it is placed after 'mp:', and why don't I need to add an mp: in the disable section?

Thanks!
justa_dude (Grandmaster Cheater, Reputation: 23, Joined: 29 Jun 2010, Posts: 891)
Posted: Tue Aug 04, 2015 5:09 am

It's hard to say for sure, since you don't show us the full disassembly. The first script has a useless nop in the newmem section and is making use of edx even though the debugger didn't show it. I don't trust the memory addresses or sizes, either, without seeing the full disassembly/symbols. Is there any reason you're not using the template generator?

To answer the other questions... something bigger is why you're allocating memory in the first script. And in the second script, you're registering the symbol so that you can "see" it in the second part without a new aobscan. You're assigning _mp the address of mp by placing the label underneath mp.

_________________
Beside the big gate, there is always a small gate.
----------------------
Come on...
saymunzz (How do I cheat?, Reputation: 0, Joined: 04 Aug 2015, Posts: 2)
Posted: Tue Aug 04, 2015 5:49 am

Sorry, I couldn't link a screenshot because I'm still new, but I've attached an image of the disassembly.

In regards to a template generator, I didn't even know there was one. Where can I find that?

About the memory allocation, I know that wasn't necessary for this example particularly because replacing the code with nop works fine. I added it because it was more of a 'what if I wanted to attempt to add some extra code' scenario.

Thanks for answering the second part! Getting a clearer understanding now.

My next concern now is how do I jump to newly allocated memory if I have less than 5 bytes to work with? (see second screenshot)



[Attachments: second.PNG (105.48 KB) and "dissembly of first.PNG" (93.99 KB); the screenshots are not reproduced here]


justa_dude (Grandmaster Cheater, Reputation: 23, Joined: 29 Jun 2010, Posts: 891)
Posted: Tue Aug 04, 2015 7:05 am

saymunzz wrote:
In regards to a template generator, I didn't even know there was one. Where can I find that?

From the autoassembly edit window, click the template menu at the top and choose one suitable. I prefer cheat table framework, then aob or full injection.

saymunzz wrote:
My next concern now is how do I jump to newly allocated memory if I have less than 5 bytes to work with?

You replace multiple lines and pad w/ nop. Try running the template generator a few times and see how it does it. It takes care of all that for you. If the next line is a relative jump or call you may want to take special notice that it's relocated properly, but I imagine it will be.

_________________
Beside the big gate, there is always a small gate.
----------------------
Come on...
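As an added worked example (written for this page; it is not code from either poster and not Cheat Engine's own template generator), here is the byte accounting behind "replace multiple lines and pad with nop", applied to the listing quoted in the first post. It shows why a 5-byte `jmp newmem` at Game.exe+51A95 cannot replace only the 2-byte `mov [ecx],eax`: the following `jmp Game.exe+51FB8` is overwritten as well, so it has to be copied into newmem with its rel32 displacement recomputed, and `returnhere` must land on the next instruction boundary (`push 01`), not in the middle of the old jmp. Assumptions: the bytes for `sub eax,[ecx]` and `mov ecx,[ebp-0000009C]` are encoded from the mnemonics, since the post only shows raw bytes from `89 01` onward; the newmem address 0x10000000 is a made-up placeholder for wherever `alloc` happens to land.

```python
import struct
from dataclasses import dataclass

JMP_REL32, CALL_REL32, NOP = 0xE9, 0xE8, 0x90
PATCH_LEN = 5  # a rel32 jmp to newmem is always 5 bytes on x86-32


@dataclass
class Insn:
    addr: int
    code: bytes
    text: str  # mnemonic as the disassembler shows it (used for messages only)


# Reconstructed from the listing quoted in the first post. The bytes of the first two
# instructions are assumptions encoded from their mnemonics; the post only shows raw
# bytes from 89 01 onward (those also match the aobscan pattern in script two).
LISTING = [
    Insn(0x00451A8D, bytes.fromhex("2B01"), "sub eax,[ecx]"),
    Insn(0x00451A8F, bytes.fromhex("8B8D64FFFFFF"), "mov ecx,[ebp-0000009C]"),
    Insn(0x00451A95, bytes.fromhex("8901"), "mov [ecx],eax"),
    Insn(0x00451A97, bytes.fromhex("E91C050000"), "jmp Game.exe+51FB8"),
    Insn(0x00451A9C, bytes.fromhex("6A01"), "push 01"),
]


def rel32_target(insn):
    """Absolute target of a 5-byte E8/E9 instruction that lives at insn.addr."""
    disp = struct.unpack("<i", insn.code[1:5])[0]
    return (insn.addr + 5 + disp) & 0xFFFFFFFF


def encode_rel32(opcode, src, dst):
    """E8/E9 plus a signed little-endian displacement measured from the end of the instruction."""
    return bytes([opcode]) + struct.pack("<i", dst - (src + 5))


def displaced(insns, hook_addr, min_len=PATCH_LEN):
    """Whole instructions starting at hook_addr that a min_len-byte patch overwrites."""
    out, total = [], 0
    for insn in sorted(insns, key=lambda i: i.addr):
        if insn.addr < hook_addr:
            continue
        if total >= min_len:
            break
        if insn.addr != hook_addr + total:  # hook is mid-instruction, or the listing has a gap
            raise ValueError("no instruction boundary at %08X" % (hook_addr + total))
        out.append(insn)
        total += len(insn.code)
    if total < min_len:
        raise ValueError("fewer than %d bytes of code at %08X" % (min_len, hook_addr))
    return out


def relocate(insn, new_addr):
    """Re-encode insn so it behaves the same when it is executed from new_addr."""
    op = insn.code[0]
    if op in (JMP_REL32, CALL_REL32) and len(insn.code) == 5:
        return encode_rel32(op, new_addr, rel32_target(insn))  # same target, new displacement
    if op == 0xEB or 0x70 <= op <= 0x7F or 0xE0 <= op <= 0xE3:
        # rel8 jmp/jcc/loop/jcxz: an 8-bit displacement cannot reach across the move and
        # would have to be widened by hand, so refuse instead of emitting a silently wrong jump
        raise ValueError("short relative branch at %08X (%s) needs widening" % (insn.addr, insn.text))
    return insn.code  # no relative operand on x86-32: the bytes are valid at any address


def build_hook(insns, hook_addr, newmem_addr):
    """Return (bytes written at hook_addr, bytes written at newmem_addr, returnhere address)."""
    moved = displaced(insns, hook_addr)
    overwritten = sum(len(i.code) for i in moved)
    returnhere = hook_addr + overwritten  # first instruction boundary after the patch
    patch = encode_rel32(JMP_REL32, hook_addr, newmem_addr) + bytes([NOP]) * (overwritten - PATCH_LEN)
    tramp, cur = b"", newmem_addr
    for insn in moved:  # the "originalcode:" part, relocated where needed
        code = relocate(insn, cur)
        tramp += code
        cur += len(code)
    tramp += encode_rel32(JMP_REL32, cur, returnhere)  # the "exit: jmp returnhere" part
    return patch, tramp, returnhere


if __name__ == "__main__":
    patch, tramp, ret = build_hook(LISTING, 0x00451A95, 0x10000000)  # newmem address is a placeholder
    print("Game.exe+51A95:", patch.hex(" "))  # 5-byte jmp + 2 nops: covers mov [ecx],eax AND the old jmp
    print("newmem:        ", tramp.hex(" "))  # mov [ecx],eax ; jmp 00451FB8 (fixed up) ; jmp returnhere
    print("returnhere:     %08X" % ret)       # 00451A9C = push 01, not the middle of the old jmp
```

The check worth doing after any manual injection is the one `displaced` enforces: disassemble from `returnhere` and confirm it is an instruction boundary, because a return jump that lands inside the displaced `E9 1C 05 00 00` executes garbage. The script deliberately refuses short (rel8) branches rather than copying them unchanged, which is the "relocated properly" caveat above; the template generator performs the same fix-ups for you.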
All times are GMT - 6 Hours